Solutions for url transfer of Chinese characters and special dangerous characters in php _ PHP Tutorial

Source: Internet
Author: User
Solutions for transferring Chinese characters and special dangerous characters through URLs in php. This article combines the urldecode and base64_encode functions in php, and then uses the replacement function you have written to safely pass url Chinese characters and special dangerous characters, if you need to know, refer to this article and combine the urldecode and base64_encode functions in php, and then use your own replacement functions to safely pass url Chinese characters and special dangerous characters, for more information, see.

We need to pass Chinese characters or other special characters such as html in the url. it seems that there will always be various chaos, and different browsers will encode them differently,

For Chinese, the general practice is:

Before passing these text strings to the url, perform urlencode ($ text) first;

However, for some "dangerous" characters, such as html characters or even SQL injection-related characters, if it is clearly passed to the system, for security reasons, the system usually filters them out.

Now, we need these dangerous characters. what should we do?

The solution I have come up with is to encode them with base64_encode ($ text) and decode them with base64_decode ($ text) on the server,

It looks perfect, but there is another problem in the use process. The base64_encode encoded string contains characters such as "/", "+", "=,

The base64_encode () function transmits the user's opinion (a small amount of content) in the url. when the user submits (post submits), an array is provided. therefore, I use the bse64_encode () function to encrypt my opinion. when I jump to the processing page, I receive the data again with get, and the encrypted data on both sides is incorrect. a + character is missing.

Encryption submitted by users:

TPK9tNPNyKUsuse6xyYjNDY7JiM0NjsufMavwcEhfMyrxq/BwcHLLMjDztLO3tPvLNXmz + vI69ehsKEhfHw =

On the processing page, use get to receive the following:

TPK9tNPNyKUsuse6xyYjNDY7JiM0NjsufMavwcEhfMyrxq/BwcHLLMjDztLO3tPvLNXmz vI69ehsKEhfHw =

If a plus sign is missing from the comparison, I don't know why it is exported. (maybe it is get, or the + character may not be available !). Please give me some advice.

These characters are special characters in url encoding. for example, "+" indicates "space", but different browsers have different codes for "space, some are represented by "+" and some are represented by "20%". that is to say, when these base64_encode encoded strings are passed in the url and browsed in different browsers, the value obtained by the server is different.

As a result, I thought of a compromise. I first replaced these base64 encoded special characters, and then replaced them on the server:


1. when the user submits the encrypted string, I replace the + character with another character. for example, str_replace ('+', '_', $ content );
2. switch again on the processing page: for example, str_replace ('_', '+', $ content );

The code is as follows:

Function base_encode ($ str ){
$ Src = array ("/", "+", "= ");
$ Dist = array ("_ a", "_ B", "_ c ");
$ Old = base64_encode ($ str );
$ New = str_replace ($ src, $ dist, $ old );
Return $ new;

Function base_decode ($ str ){
$ Src = array ("_ a", "_ B", "_ c ");
$ Dist = array ("/", "+", "= ");
$ Old = str_replace ($ src, $ dist, $ str );
$ New = base64_decode ($ old );
Return $ new;

The following figure shows the effect in the browser.


The urldecode instance method is simple.

Urldecode (string $ str)
Decodes any % # in the encoded string ##. Returns the decoded string.

Example #1 urldecode () Example

The code is as follows:

$ A = explode ('&', $ QUERY_STRING );
$ I = 0;
While ($ I <count ($ )){
$ B = split ('=', $ a [$ I]);
Echo 'Value for parameter ', htmlspecialchars (urldecode ($ B [0]),
'Is, htmlspecialchars (urldecode ($ B [1]),"
$ I ++;


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.